[TriLUG] Has anyone used SSL-Explorer?

Kevin J. mrkevinj at yahoo.com
Thu Jun 21 12:00:56 EDT 2007 

Perhaps SSH would do the trick:

http://3sp.com/kb/idx/0/033/article/Executing_Multiple_Commands_and_Processing_Shell_Output.html


----- Original Message ----
From: Daniel Bartholomew <plumcreek at gmail.com>
To: Triangle Linux Users Group discussion list <trilug at trilug.org>
Sent: Thursday, June 21, 2007 11:43:10 AM
Subject: Re: [TriLUG] Has anyone used SSL-Explorer?


On Thu, 2007-06-21 at 07:13 -0700, Kevin J. wrote:
> It seems like this would be susceptible to a password attack 
> if it's polling directly against AD for authentication. Do any
> of these work with two-way authentication mechanisms such as a 
> RSA SecurID FOB?
> 
> Kevin 
> 
> 
> ----- Original Message ----
> From: David McDowell <turnpike420 at gmail.com>
> To: Triangle Linux Users Group discussion list <trilug at trilug.org>
> Sent: Thursday, June 21, 2007 9:55:21 AM
> Subject: Re: [TriLUG] Has anyone used SSL-Explorer?
> 
> 
> We started testing with SSLExplorer and found it limiting for our
> needs.  We ended up going with a commercial SSL VPN solution by Array
> Networks.  It works great, although so far I've only technically
> tested with WinXP Pro due to that being our corp environment.
> 

I'm probably not the best person to answer this (seeing as I just
started playing with SSL-Explorer this morning) but in looking through
the authentication mechanisms listed in the extensions manager it
seems to support several --- client certificates, Active Directory,
local sytem accounts, usb-keys, LDAP, NIS, OTP/SMS, and RADIUS.

I don't know much about how any of these are implemented, but there
seem to be a lot of choices.

My main question now is whether or not I can script this. If we use it
we'll be adding and removing users often and each user will need
customized apps (i.e. a putty session to a specific port on a specific
server for just that user and no one else). If creating (and destroying)
apps is strictly a manual point-and-click affair then this solution is 
probably unworkable.

>From what I've experienced so far in my couple hours of testing I am
impressed with how well it works and how easy it was to set up. It
would be a shame to have a lack of scriptability be its downfall.

-- 
Daniel Bartholomew
-- 
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/


       
____________________________________________________________________________________Ready for the edge of your seat? 
Check out tonight's top picks on Yahoo! TV. 
http://tv.yahoo.com/

More information about the TriLUG mailing list